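/// <summary>
/// Restores <c>token</c> from the "token" request cookie, if one is present.
/// </summary>
/// <remarks>
/// The cookie value is untrusted client input: when <c>TradelrSecurityToken</c> rejects it
/// (the original comment attributes this to expiry, but any exception is handled the same
/// way) both cookies are cleared so the client stops re-sending a value that will never
/// validate. <c>token</c> is only assigned when construction succeeds; on failure it is
/// left as it was.
/// </remarks>
private void GetAuthCookie()
{
    var cookies = Request.Cookies;
    if (cookies == null)
    {
        return;
    }

    var httpCookie = cookies["token"];
    if (httpCookie == null)
    {
        return;
    }

    try
    {
        token = new TradelrSecurityToken(httpCookie.Value);
    }
    catch (Exception)
    {
        // Expired or otherwise unparseable: clear both cookies so the client stops sending it.
        ClearAuthCookie();
        ClearOldCookie();
    }
}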
/// <summary>
/// Issues the "token" authentication cookie for <paramref name="usr"/> and records the login time.
/// </summary>
/// <param name="usr">The user who just authenticated; its <c>id</c>, <c>role</c> and resolved permission are serialised into the token.</param>
/// <param name="rememberme">When true the cookie lives for <c>COOKIE_LIFETIME</c> seconds, otherwise <c>COOKIE_LIFETIME_MIN</c> seconds.</param>
/// <remarks>
/// Both branches set <c>Expires</c>, so the cookie is persistent either way; the flag only
/// changes how long it lives. The cookie is always HttpOnly; <c>Secure</c> is only set when
/// the build defines SUPPORT_HTTPS.
/// </remarks>
protected void SetAuthCookie(user usr, bool rememberme)
{
    var now = DateTime.UtcNow;
    var expires = rememberme
        ? now.AddSeconds(COOKIE_LIFETIME)
        : now.AddSeconds(COOKIE_LIFETIME_MIN);

    // Explicitly stored permissions win; otherwise creators are ADMIN and everyone else USER.
    if (usr.permissions.HasValue)
    {
        permission = (UserPermission)usr.permissions.Value;
    }
    else
    {
        var isCreator = ((UserRole)usr.role).HasFlag(UserRole.CREATOR);
        permission = isCreator ? UserPermission.ADMIN : UserPermission.USER;
    }

    token = new TradelrSecurityToken(
        usr.id.ToString(),
        usr.role.ToString(),
        permission.ToInt().ToString(),
        expires);

    var authCookie = Response.Cookies["token"];
    authCookie.Value = token.Serialize();
    authCookie.Expires = expires;
    authCookie.HttpOnly = true;
#if SUPPORT_HTTPS
    authCookie.Secure = true;
#endif
    // Domain is deliberately left unset: pinning it to accountHostname breaks logout.
    //authCookie.Domain = accountHostname;

    // Record the login before persisting.
    usr.lastLogin = DateTime.UtcNow;
    repository.Save();
}
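/// <summary>
/// Resolves the tenant (<c>MASTERdomain</c>) from the request's Host header, redirects
/// requests that arrive on the wrong host, then restores the caller's session from the
/// "token" context item or cookie before the action runs.
/// </summary>
/// <param name="filterContext">The MVC filter context; <c>Result</c> is set to a redirect on the short-circuit paths.</param>
/// <remarks>
/// The Host header is client-controlled. It only reaches <c>baseviewmodel.shopUrl</c> after
/// it has either been matched to a custom hostname in the database or been checked to equal
/// exactly <c>{segment}.tradelr.com</c> (<c>{segment}.localhost</c> under DEBUG).
/// The early returns before the "SUBDOMAIN EXISTS" section do not call
/// <c>base.OnActionExecuting</c>; that is pre-existing behaviour and is kept as is.
/// </remarks>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    accountHostname = Request.Headers["Host"];

    // Requests to the bare/canonical hosts (or with no Host at all) go to the public site,
    // keeping path and query. The null check applies to DEBUG too so a missing header
    // cannot reach EndsWith below.
#if DEBUG
    if (accountHostname == null || accountHostname == "local")
#else
    if (accountHostname == null || accountHostname == "tradelr.com" || accountHostname == "98.126.29.28")
#endif
    {
        filterContext.Result = new RedirectResult(GeneralConstants.HTTP_HOST + Request.Url.PathAndQuery);
        return;
    }

    ////////////////////// subdomain check ///////////////////////////////
    // Ordinal: hostnames are not linguistic text, so culture rules must not affect matching.
#if DEBUG
    if (accountHostname.EndsWith("localhost", StringComparison.Ordinal))
#else
    if (accountHostname.EndsWith("tradelr.com", StringComparison.Ordinal))
#endif
    {
        ////////////// handles case for subdomains
        string[] host = accountHostname.Split('.');
        string hostSegment;
        // not on a subdomain
        if (!Utility.IsOnSubdomain(host, out hostSegment))
        {
            return;
        }

        MASTERdomain = db.GetSubDomain(hostSegment);

        // Ensure the incoming host name is exactly x.tradelr.com; this also handles
        // www.x.tradelr.com by bouncing it to x.tradelr.com. hostSegment is only used
        // in the redirect target after the database lookup above has recognised it.
        if (MASTERdomain != null)
        {
#if DEBUG
            var validHost = string.Format("{0}.localhost", hostSegment);
#else
            var validHost = string.Format("{0}.tradelr.com", hostSegment);
#endif
            if (validHost != accountHostname)
            {
                filterContext.Result = new RedirectResult(string.Format("{0}://{1}", Request.Url.Scheme, validHost));
                return;
            }
        }
    }
    else
    {
        ////////////////// handles case for custom subdomains
        MASTERdomain = db.GetCustomHostname(accountHostname);
    }

    if (MASTERdomain == null)
    {
        // Unknown tenant. NOTE(review): a RedirectResult is expected to replace this 404 with
        // a 302 when it executes — confirm the status code that actually goes out is intended.
        filterContext.RequestContext.HttpContext.Response.StatusCode = HttpStatusCode.NotFound.ToInt();
        filterContext.Result = new RedirectResult(GeneralConstants.HTTP_HOST);
        return;
    }

    /////////// SUBDOMAIN EXISTS
    accountLimits = MASTERdomain.accountType.ToEnum<AccountPlanType>().ToAccountLimit();
    accountSubdomainName = MASTERdomain.name;
    subdomainid = MASTERdomain.id;
    stats = MASTERdomain.ToSubdomainStats();
    IsStoreEnabled = MASTERdomain.IsStoreEnabled();
    baseviewmodel.storeEnabled = IsStoreEnabled;
    subdomainFlags = (SubdomainFlags)MASTERdomain.flags;

    if ((MASTERdomain.flags & (int)SubdomainFlags.OFFLINE_ENABLED) != 0)
    {
        // Invariant lower-casing: under culture-specific casing (e.g. Turkish) "safari"
        // would never match the browser type string.
        var browsertype = Request.Browser.Type.ToLowerInvariant();
        if (browsertype.Contains("safari") || browsertype.Contains("chrome"))
        {
            baseviewmodel.manifestFile = "manifest=\"/manifest\"";
        }
    }

    baseviewmodel.orgName = MASTERdomain.organisation.name;
    baseviewmodel.shopUrl = accountHostname;

    /////////////////////// session check ///////////////////////////////
    // Prefer a token already placed in the request items; otherwise fall back to the cookie.
    token = Request.RequestContext.HttpContext.Items["token"] as TradelrSecurityToken;
    if (token == null)
    {
        GetAuthCookie();
    }

    if (token != null)
    {
        Request.RequestContext.HttpContext.Items["token"] = token;
        sessionid = token.UserID;

        var usr = db.GetUserById(sessionid.Value, subdomainid.Value);
        if (usr != null)
        {
            baseviewmodel.notifications = usr.ToNotification(MASTERdomain.trialExpired).ToJson();
        }

        // NOTE(review): role and permission come from the token's own claims and are applied
        // even when usr is null for this subdomain — confirm that is intended rather than
        // re-reading them from the user record.
        role = token.UserRole.ToEnum<UserRole>();
        baseviewmodel.role = role;
        permission = token.Permission.ToEnum<UserPermission>();
        baseviewmodel.permission = permission;
    }

    base.OnActionExecuting(filterContext);
}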